The mirroring of network traffic is a common feature found in many network relay devices, such as network switches. Network traffic mirroring, or port mirroring, is a method of monitoring network traffic that forwards a copy of each incoming and outgoing frame from one port of a network device, such as a switch, to another port of the network device, from which the mirrored network traffic may be studied. Network traffic mirroring provides a service that duplicates network frames as they pass through a device to another port, or to a remote system, and may duplicate all or a portion of the network traffic. Network traffic mirroring may be used for network troubleshooting, network security and performance monitoring, and security audits. A network administrator may use mirroring as a diagnostic tool or debugging feature, such as a tool for investigating network intrusions or network attacks. Network mirroring may be performed and managed locally or remotely.
Information privacy is an increasingly significant concern for governments, businesses and individuals. The United States and foreign governments have enacted laws and regulations with respect to the privacy and confidentiality of sensitive information. For example, the United States government has enacted multiple Acts mandating information privacy, such as the Health Insurance Portability and Accountability Act of 1996, referred to as HIPAA, and the Financial Modernization Act of 1999, also known as the “Gramm-Leach-Bliley Act” or GLB Act. The HIPAA Privacy Rule is directed towards setting a national standard for electronic transfers of personal health and medical information data. The GLB Act governs the collection and disclosure of customers' personal financial information by financial institutions, and also applies to other types of companies that receive such information. In another example, the European Union enacted a Directive, referred to as the Data Directive, which imposes strict requirements on the collection, use and disclosure of personal data by businesses in the European Union. Additionally, the Data Directive states that these businesses may not transfer data outside the European Union unless the recipient country provides adequate protection for personal data. Along with complying with the privacy rules of multiple laws and regulations, many companies are also concerned about the confidentiality of their own company data. Companies may be concerned with industrial espionage, or may wish to prevent information that could damage their reputation from becoming publicly available.
Additionally, the convergence of data, voice, and video over network traffic provides various types, forms and sources of information in electronic communications that may be considered personal, private, privileged, or confidential. For example, voice over internet protocol (VoIP) technology provides for the electronic exchange of telephone conversations between individuals over a network and the Internet. Computers, networks and electronic communications are used by many individuals and companies to exchange sensitive or confidential information. Even those involved in criminal or illegal activities may use electronic communications as a means to facilitate their activities. Other laws and regulations, such as the Electronic Communications Privacy Act, govern not only the privacy of electronic communications but also the use of wiretapping and other tools to intercept and monitor electronic communications of suspected criminal activity. Companies, law enforcement agencies, and individuals need to be concerned with protecting the privacy of legitimate electronic communications while still being able to use wiretapping effectively as a tool to determine criminal activity.
Typically, individuals or companies exchanging electronic communications have knowledge, or at least a sense, of the source and destination end points of the communication, and of the security and privacy of such information during the exchange. For example, when a first user sends a second user an email, both users appreciate that the email was sent from a computing device of the first user and received by a computing device of the second user, and that it may have traveled a route between their respective networks and network service providers. In other cases, a user may communicate with a website, providing confidential information via a secured communication channel. In another case, two companies may exchange confidential information directly via a secure point-to-point connection. Although security and privacy issues may exist during these exchanges, the end point locations involved in the exchange can assess and appreciate the risks and provide measures to address them.
However, network traffic mirroring duplicates network traffic to a location not involved in the network conversation. In many cases, the network traffic mirroring may be performed unbeknownst to any party exchanging data in the network traffic being mirrored. One or more network relay devices in the network route of the communication exchange may be configured to provide port mirroring. The mirrored network traffic may be copied to a local analyzer, computer or system. Additionally, the network traffic may be mirrored to a remote location, such as a remote device or system. The mirrored network traffic may traverse a different network path than the original communications being mirrored, including other network segments, other networks and the Internet. As such, the mirrored network traffic may traverse network routes and be delivered to locations not intended by the original communication participants. Since traffic mirroring replicates network traffic to locations not involved in the network conversation, the potential for exposing personal, private, privileged, or confidential information may be significant.
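One defensive response to the exposure described above is to audit relay devices for mirror sessions the network owner has not approved, distinguishing local copies from those sent off-box to a remote destination. The following is an added example, not part of the original text; it assumes the switch exports its running configuration in Cisco IOS-style "monitor session" syntax, and the configuration it parses is constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in Cisco IOS-style "monitor session" syntax (assumption).
SAMPLE_CONFIG = """\
hostname core-sw1
monitor session 1 source interface Gi1/0/5 both
monitor session 1 destination interface Gi1/0/48
monitor session 2 source vlan 20 rx
monitor session 2 destination remote vlan 900
monitor session 3 source interface Gi1/0/7 - 9
monitor session 3 destination interface Gi1/0/10 encapsulation replicate
"""

@dataclass
class MirrorSession:
    session_id: int
    sources: list = field(default_factory=list)
    destination: str = ""
    remote: bool = False  # RSPAN: the copy leaves the switch over a VLAN

_LINE = re.compile(r"^monitor session (?P<id>\d+) (?P<kind>source|destination) (?P<rest>.+)$")

def parse_mirror_sessions(config: str) -> dict:
    """Collect every SPAN/RSPAN session from a running-config dump."""
    sessions = {}
    for line in config.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        sess = sessions.setdefault(int(m["id"]), MirrorSession(int(m["id"])))
        if m["kind"] == "source":
            sess.sources.append(m["rest"])
        else:
            sess.destination = m["rest"]
            # "destination remote vlan N" means the copy is sent off-box (RSPAN)
            sess.remote = m["rest"].startswith("remote ")
    return sessions

def audit(config: str, approved: set) -> list:
    """List sessions that are not on the approved list; remote ones are the
    larger exposure because the copy may traverse other networks."""
    findings = []
    for sid, s in sorted(parse_mirror_sessions(config).items()):
        if sid in approved:
            continue
        kind = "REMOTE" if s.remote else "local"
        findings.append(f"session {sid}: {kind} copy of {', '.join(s.sources)} -> {s.destination}")
    return findings
```

Running `audit(SAMPLE_CONFIG, approved={1})` reports sessions 2 and 3, with session 2 flagged as a remote copy.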